Re: ecryptfs and password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



James McKenzie wrote:
> On 5/7/11 12:54 PM, Bill Davidsen wrote:
>> James McKenzie wrote:
>>> On 5/1/11 5:18 PM, Bill Davidsen wrote:
>>>> Gregory Hosler wrote:
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> On 04/25/2011 09:48 AM, Digimer wrote:
>>>>>> On 04/24/2011 09:46 PM, ssc1478 wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm new to Fedora - been using Ubuntu for years.  I just installed
>>>>>>> Fedora 14 to my laptop and selected to encrypt /home.
>>>>>>>
>>>>>>> When I boot, I have to enter the password for the encrypted directory.
>>>>>>>       Did I set it up wrong?  I didn't expect to have to enter the password
>>>>>>> at boot but instead thought the login password would be enough.
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> Phil
>>>>>> It encrypts the partition, so when the system tries to mount /etc/fstab
>>>>>> partitions, of which /home is likely one, it requires the password then.
>>>>> alternately, you can setup /etc/crypttab so that the password is not entered
>>>>> manually.
>>>>>
>>>> This adds no security at all from the encryption. The only reason to use
>>>> encryption and then build in the pass phrase is to allow you to claim that the
>>>> data was encrypted if you lose the machine, therefore giving you legal cover if
>>>> the data you lost belongs to customers. I can't decide if that's a sleazy legal
>>>> trick to provide cover without the effort to have security, or if it just shows
>>>> how little the average user knows about security in the first place.
>>> False security is worse than no security at all.  Never store a
>>> passphrase on a readable device.  It should be stored in the brain, just
>>> like passwords and such.  BTW, this would never pass a security
>>> inspection at any of the places I've worked at.
>>>
>> It satisfies legal requirements to encrypt sensitive data which is all the bean
>> counters and lawyers care about. They are not required to actually protect your
>> information. :-(
>>
> Not in the EU.  There are legal requirements to safeguard information,
> to include encryption of 'data at rest' and 'data in transit'.  Same for
> HIPPA and in the PCI world.  This has gotten several companies in trouble.
>
That's my point, encryption is required, keeping the key safe may not be spelled 
out in the law.

-- 
Bill Davidsen <davidsen@xxxxxxx>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux